Elon Musk, head of the Department for Government Efficiency (DOGE). Photo: Times of India.
The criminal group behind the DOGE Big Balls malware attack has raised its extortion demands. Specifically, a new note, using an image of Elon Musk and references to the Department for Government Efficiency (DOGE), is demanding $1 trillion from victims.
One of the first reports about this group came from the cybersecurity intelligence platform Cyble on April 14th. The company detailed how the hackers, in addition to using conventional attack techniques, combined psychological and media elements to create a ripple effect and mislead investigations.
The ransomware is actually an upgraded version of an existing malware called Fog. Those behind the recent attack renamed it DOGE Big Balls. According to Forbes, this move successfully attracted media attention and set it apart from other campaigns.
A Check Point report indicates that malware attacks increased by 126% in the first quarter of 2025, with North America accounting for 62% of all global attacks. This shows that cybersecurity threats need to be taken more seriously.
However, the hacker group appears to be toying with government agencies. A security report from Trend Micro on April 21st states that the malware is currently mercilessly mocking DOGE and Elon Musk.
In late February, the U.S. Federal Employment Agency (DOGE) sent emails to millions of employees with the subject line "What did you do this past week?". The email asked them to list five key things they had done during the previous week. Elon Musk, head of DOGE, announced on social media that anyone who failed to meet the requirements would be considered to have resigned.
Taking inspiration from the above action, the attackers modified the blackmail note to read, "Give me five bullet points of what you accomplished at work last week, or you owe me $1 trillion."
In fact, this blackmail demand is very serious, according to Forbes. The attackers claim to have copied some of DOGE's data into their internal resources. They advise victims to contact them as soon as possible for a resolution, and also instruct them to use the Tor browser to proceed to the next step.
In addition to the above request, the note also included a humorous warning: "Don't tell anyone." However, the attackers stated that they had "taken the longitude and latitude coordinates of where you live," to prove they weren't lying.
Fog is an active malware program targeting both individuals and organizations. Cyble reports that the attack group used a ZIP file named "Pay Adjustment.zip" containing a phishing shortcut to deploy the malware. The shortcut would trigger the next steps of the attack when the user opened the file.
Additionally, the attackers exploited a long-known security vulnerability, CVE-2015-2291. They used it to perform privilege escalation, allowing the malware to gain deeper access to the system and critical parts of the operating system.
Source: https://znews.vn/elon-musk-bi-hacker-tong-tien-1000-ty-usd-post1548340.html





